thunderbottom/flakes
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
4cb83f945d
flakes/modules/nixos/services/arr/jellyfin/default.nix
Chinmay D. Pai 4cb83f945d
feat: add fail2ban setup for services 
Signed-off-by: Chinmay D. Pai <chinmaydpai@gmail.com>
2024-10-05 21:00:53 +05:30

92 lines
2.2 KiB
Nix
Raw Blame History

{
config,
lib,
pkgs,
...
}: {
options.snowflake.services.jellyfin = {
enable = lib.mkEnableOption "Enable jellyfin deployment configuration";
};
config = let
cfg = config.snowflake.services.jellyfin;
in
lib.mkIf cfg.enable {
services.jellyfin = {
enable = true;
openFirewall = true;
};
users.groups.media = {
members = ["@wheel" "jellyfin"];
};
nixpkgs.config.packageOverrides = pkgs: {
jellyfin-ffmpeg = pkgs.jellyfin-ffmpeg.override {
ffmpeg_6-full = pkgs.ffmpeg_6-full.override {
withMfx = false;
withVpl = true;
};
};
vaapiIntel = pkgs.vaapiIntel.override {enableHybridCodec = true;};
};
environment.systemPackages = with pkgs; [
jellyfin-ffmpeg
];
hardware.graphics = {
enable = true;
extraPackages = with pkgs; [
intel-media-driver
intel-compute-runtime
vpl-gpu-rt
vaapiIntel
vaapiVdpau
libvdpau-va-gl
];
};
services.jellyseerr.enable = true;
services.jellyseerr.openFirewall = true;
services.nginx = {
virtualHosts = {
"jelly.deku.moe" = {
serverName = "jelly.deku.moe";
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://localhost:8096/";
extraConfig = ''
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
'';
};
};
};
};
services.fail2ban.jails.jellyfin = {
enabled = true;
filter = "jellyfin";
};
environment.etc = {
jellyfin = {
target = "fail2ban/filter.d/jellyfin.conf";
text = ''
[INCLUDES]
before = common.conf
[Definition]
failregex = ^.*Authentication request for .* has been denied \(IP: "<ADDR>"\)\.
ignoreregex =
journalmatch = _SYSTEMD_UNIT=jellyfin.service
'';
};
};
};
}
Reference in New Issue View Git Blame Copy Permalink